Steve,
Thanks for your early reply.
I did as you mentioned and my server is working fine. But i have one more
problem.
When i try to connect from client as
telnet -z ssl -z cert=newfile.pem server port
It gives the following error
VERIFY ERROR: depth=0 error=unable to get local issuer certificate:
Please can anyone tell me what all to be set when calling the function
SSL_CTX_load_verify_locations(ctx, file, path)
file which i am using is cacert.pem(generated with command: openssl pkcs12
-in file.p12 -out cacerts.pem -cacerts -nokeys)
path which i am using is mytrusted. But since i am using the certificate
from CS, i do not know what file to be present in this path.
>From the openssl i found that there is file called hash.O present. Can
anyone tell me how do i generate this file for the certificate got from CS.
Is this the cause for above error(i think)?
Thanks,
Asha
>That command places all certificates and private keys in the output file
>in the order they appear in the input file.
>The server typically takes the first certificate and private key it
>finds and assumes they are the ones you want.
>As a result the first certificate and first key may not be the ones you
>want and they may not match.
>Instead you need to just output the certificate corresponding to the
>private key with:
>openssl pkcs12 -in file.p12 -out newfile.pem -clcerts -nodes
>If you want the CA certs(s) then do:
>openssl pkcs12 -in file.p12 -out cacerts.pem -cacerts -nokeys
>Steve.
This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please immediately delete it and all
copies of it from your system, destroy any hard copies of it and notify the
sender. You must not, directly or indirectly, use, disclose, distribute,
print, or copy any part of this message if you are not the intended
recipient. CREDIT SUISSE GROUP and each of its subsidiaries each reserve
the right to monitor all e-mail communications through its networks. Any
views expressed in this message are those of the individual sender, except
where the message states otherwise and the sender is authorised to state
them to be the views of any such entity.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
